Struggling to get IPSec/L2TP to work



  • I've followed the walkthrough at https://doc.pfsense.org/index.php/L2TP/IPsec a couple of times now but cannot get my VPN to work from my Android phone. I'm using the latest build, 2.3.3_1, so the instructions don't 100% match, but it appears I've done something wrong somewhere - repeatedly. Is there a problem with it or is it just me?



  • The IPSec log if it means anything to anyone - doesn't to me sadly.

    Apr 7 09:31:48 charon 11[IKE] <20> received FRAGMENTATION vendor ID
    Apr 7 09:31:48 charon 11[IKE] <20> received DPD vendor ID
    Apr 7 09:31:48 charon 11[IKE] <20> 192.168.1.33 is initiating a Main Mode IKE_SA
    Apr 7 09:31:48 charon 11[CFG] <20> received proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
    Apr 7 09:31:48 charon 11[CFG] <20> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
    Apr 7 09:31:48 charon 11[IKE] <20> no proposal found
    Apr 7 09:31:48 charon 11[ENC] <20> generating INFORMATIONAL_V1 request 4286656525 [ N(NO_PROP) ]
    Apr 7 09:31:48 charon 11[NET] <20> sending packet: from 86.178.124.128[500] to 192.168.1.33[500] (56 bytes)
    Apr 7 09:31:51 charon 11[NET] <21> received packet: from 192.168.1.33[500] to 86.178.124.128[500] (724 bytes)
    Apr 7 09:31:51 charon 11[ENC] <21> parsed ID_PROT request 0 [ SA V V V V V V ]
    Apr 7 09:31:51 charon 11[IKE] <21> received NAT-T (RFC 3947) vendor ID
    Apr 7 09:31:51 charon 11[IKE] <21> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Apr 7 09:31:51 charon 11[IKE] <21> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Apr 7 09:31:51 charon 11[IKE] <21> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
    Apr 7 09:31:51 charon 11[IKE] <21> received FRAGMENTATION vendor ID
    Apr 7 09:31:51 charon 11[IKE] <21> received DPD vendor ID
    Apr 7 09:31:51 charon 11[IKE] <21> 192.168.1.33 is initiating a Main Mode IKE_SA
    Apr 7 09:31:51 charon 11[CFG] <21> received proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
    Apr 7 09:31:51 charon 11[CFG] <21> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
    Apr 7 09:31:51 charon 11[IKE] <21> no proposal found
    Apr 7 09:31:51 charon 11[ENC] <21> generating INFORMATIONAL_V1 request 319277664 [ N(NO_PROP) ]
    Apr 7 09:31:51 charon 11[NET] <21> sending packet: from 86.178.124.128[500] to 192.168.1.33[500] (56 bytes)
    Apr 7 09:31:55 charon 11[NET] <22> received packet: from 192.168.1.33[500] to 86.178.124.128[500] (724 bytes)
    Apr 7 09:31:55 charon 11[ENC] <22> parsed ID_PROT request 0 [ SA V V V V V V ]
    Apr 7 09:31:55 charon 11[IKE] <22> received NAT-T (RFC 3947) vendor ID
    Apr 7 09:31:55 charon 11[IKE] <22> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Apr 7 09:31:55 charon 11[IKE] <22> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Apr 7 09:31:55 charon 11[IKE] <22> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
    Apr 7 09:31:55 charon 11[IKE] <22> received FRAGMENTATION vendor ID
    Apr 7 09:31:55 charon 11[IKE] <22> received DPD vendor ID
    Apr 7 09:31:55 charon 11[IKE] <22> 192.168.1.33 is initiating a Main Mode IKE_SA
    Apr 7 09:31:55 charon 11[CFG] <22> received proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
    Apr 7 09:31:55 charon 11[CFG] <22> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
    Apr 7 09:31:55 charon 11[IKE] <22> no proposal found
    Apr 7 09:31:55 charon 11[ENC] <22> generating INFORMATIONAL_V1 request 914008803 [ N(NO_PROP) ]
    Apr 7 09:31:55 charon 11[NET] <22> sending packet: from 86.178.124.128[500] to 192.168.1.33[500] (56 bytes)
    Apr 7 09:31:58 charon 11[NET] <23> received packet: from 192.168.1.33[500] to 86.178.124.128[500] (724 bytes)
    Apr 7 09:31:58 charon 11[ENC] <23> parsed ID_PROT request 0 [ SA V V V V V V ]
    Apr 7 09:31:58 charon 11[IKE] <23> received NAT-T (RFC 3947) vendor ID
    Apr 7 09:31:58 charon 11[IKE] <23> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Apr 7 09:31:58 charon 11[IKE] <23> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Apr 7 09:31:58 charon 11[IKE] <23> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
    Apr 7 09:31:58 charon 11[IKE] <23> received FRAGMENTATION vendor ID
    Apr 7 09:31:58 charon 11[IKE] <23> received DPD vendor ID
    Apr 7 09:31:58 charon 11[IKE] <23> 192.168.1.33 is initiating a Main Mode IKE_SA
    Apr 7 09:31:58 charon 11[CFG] <23> received proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
    Apr 7 09:31:58 charon 11[CFG] <23> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
    Apr 7 09:31:58 charon 11[IKE] <23> no proposal found
    Apr 7 09:31:58 charon 11[ENC] <23> generating INFORMATIONAL_V1 request 3324214621 [ N(NO_PROP) ]
    Apr 7 09:31:58 charon 11[NET] <23> sending packet: from 86.178.124.128[500] to 192.168.1.33[500] (56 bytes)

